Track Common Adversary Tasks Performed Using BackConfig
To know more about it, you can go through my detailed document by clicking here
Overview
BackConfig is a trojan with a flexible plugin architecture that has been used by the Patchwork APT group. It is a complex hacking tool, generally deployed against high-value targets in the South Asian region.
How Does It Work?
This malware generally spreads through spear-phishing emails whose fake content is tailored to the target's interests; once the lure succeeds, the system is infected with BackConfig. Recently, a combination of text files and batch scripts was used to eventually download the BackConfig payload from a remote URL. Once installed, the malware can gather system information, download additional payloads, log keystrokes, and so on, and use these capabilities for the attackers' malicious purposes.
Impact
Information theft and exposure of sensitive data are some of the major impacts of BackConfig infection.
Prevention
The following steps may help mitigate this malware:
- Block all threat indicators at your respective controls.
- Always be wary of emails from unknown senders.
- Don't click links or open attachments sent by an unknown sender.